Security: Updates, DOD and Red Hat on "Security Hardening Rules"

In May, a hacker perusing vulnerable systems with the Shodan search engine found a Netgear router with a known vulnerability—and came away with the contents of a US Air Force captain's computer. The purloined files from the captain—the officer in charge (OIC) of the 432d Aircraft Maintenance Squadron's MQ-9 Reaper Aircraft Maintenance Unit (AMU) at Creech Air Force Base, Nevada—included export-controlled information regarding Reaper drone maintenance.

Many users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about the other category of security related rules, those related to security hardening.

In all of the products we ship, we make a concerted effort to ship thoughtful, secure default settings to minimize the amount of configuration needed to do the work you want to do. With complex packages such as Apache httpd, however, every installation will require some degree of customization before it's ready for deployment to production, and with more complex configurations, there's a chance that a setting or the interaction between several settings can have security implications which aren't immediately evident. Additionally, sometimes systems are configured in a manner that aids rapid development, but those configurations aren't suitable for production environments.

With our hardening rules, we detect some of the most common security-related configuration issues and provide context to help you understand the represented risks, as well as recommendations on how to remediate the issues.

Back when Huawei introduced the EROFS Linux file-system earlier this year, there wasn't any open-source user-space utility for actually making EROFS file-systems. Even when EROFS was merged into the mainline tree, the user-space utility was still non-existent but now that issue has been rectified.

Heterogeneous Memory Management is the effort going on for more than four years that was finally merged to the mainline Linux kernel last year but is still working on adding additional features and improvements. HMM is what allows for the mirroring of process address spaces, system memory to be transparently used by any device process, and other functionality for GPU computing as well as other device/driver purposes.
Jerome Glisse at Red Hat, who has spearheaded Heterogeneous Memory Management from the start, presented at last week's Linux Plumbers Conference on this unified memory solution.

Now I am close to completing one year of Linux Kernel, and one question still bugs me: why does it have to be so hard for someone in a similar condition to become part of this world? I realized that I had great support from many people (especially from my sweet and calm wife) and I also pushed myself very hard. Now, I feel that it is time to start giving back something to society; as a result, I began to promote some small events about free software in the university and the city I live in. However, my main project related to this started around two months ago with six undergraduate students at the University of Sao Paulo, IME [3]. My plan is simple: train all of these six students to contribute to the Linux Kernel with the intention to help them to create a local group of Kernel developers. I am excited about this project! I noticed that within a few weeks of mentoring the students they already learned lots of things, and in a few days, they will send out their contributions to the Kernel. I want to write a new post about that in December 2018, reporting the results of this new tiny project and the summary of this one year of Linux Kernel. See you soon :)

Collabora developer Scott Anderson sent out a "request for comments" patch series that would add a Secure Output Protocol to the Wayland space.
The Secure Output Protocol is for allowing a Wayland client to tell the compositor to only display if it's going to a "secure" output, such as for HDCP-like (High-bandwidth Digital Content Protection) configurations, but there is no mandate at the protocol level about what is the definition of secure -- if anything.
This does not impose any DRM per se by Wayland but is mostly intended for set-top-boxes and other closed systems where a Wayland client can reasonably trust the compositor. The Wayland Secure Output Protocol is based upon the work done by Google on their Chromium Wayland code.

Best Linux Desktop Environments: Strong and Stable

A desktop environment is a collection of disparate components that integrate together. They bundle these components to provide a common graphical user interface with elements such as icons, toolbars, wallpapers, and desktop widgets. Additionally, most desktop environments include a set of integrated applications and utilities.
Desktop environments (now abbreviated as DE) provide their own window manager, system software that controls the placement and appearance of windows within a windowing system. They also provide a file manager which organizes, lists, and locates files and directories. Other aspects include a background provider, a panel to provide a menu and display information, as well as a setting/configuration manager to customize the environment.
Ultimately, a DE is a piece of software. While they are more complicated than most other types of software, they are installed in the same way.

KDE neon upgrade - From 16.04 to 18.04

I am quite happy with the KDE neon upgrade, going from the 16.04 to the 18.04 base. I think it's good on several levels, including improved hardware support and even slightly better performance. Plus there were no crashes or regressions of any kind, always a bonus. This means that neon users now have a fresh span of time to enjoy their non-distro distro, even though it's not really committing to any hard dates, so the LTS is also only sort of LTS in that sense. It's quite metaphysical.
On a slightly more serious note, this upgrade was a good, positive experience. I semi-accidentally tried to ruin it, but the system recovered remarkably, the post-upgrade results are all sweet, and you have a beautiful, fast Plasma desktop, replete with applications and dope looks and whatnot. I'm happy, and we shall bottle that emotion for when the need arises, and in the Linux world it does happen often, I shall have an elixir of rejuvenation to sip upon. KDE neon, a surprisingly refined non-distro distro.

It’s been some time since I last talked with you about business logic engines and using them in application development cloud architectures. At that time, I showcased running JBoss BRMS in a container on Red Hat OpenShift. This gives you the cloud experience, one that’s portable across private and public clouds, but on your own local laptop using Red Hat Container Development Kit.
The world continues to move forward, a new product has been released which replaced JBoss BRMS with the Red Hat Decision Manager, so now I want to provide a way for you to install this on OpenShift, in the same easy to use demo format.

In August 2017, I participated in a cross-departmental design thinking session with our Global Services vice president, John Allessio, our vice president of marketing communications, Leigh Day, and numerous other leaders from our design, brand and marketing teams. After a face-to-face, all-day session where ideas burst out of our collective heads left and right, one thing was certain: we were collectively passionate about using open source technology, along with Open Innovation Labs’ focus on people and process, to help solve the world’s grand challenges and to positively impact people in need. We just needed to find the right project to prove it would work.
Fast-forward to New York City, late that same year. I was attending Red Hat Forum, an amazing event where our customers, partners and communities come together to share what we’re doing, and find new ways to leverage Red Hat to great advantage. I presented on Open Innovation Labs and talked with Red Hat users from Cigna, Marriott, Deutsche Bank, and more.

Last month, along with more than 12,000 Red Hat co-workers across the globe, I celebrated We Are Red Hat Week. It's a special time for us to recognize and honor the values and spirit that make Red Hat truly unique.
At Red Hat, our mission is to serve as the catalyst in communities of customers, contributors, and partners making better technology the open source way. We're unabashedly an open organization, which means we excel by – as our CEO Jim Whitehurst puts it in his book, "The Open Organization" – "engaging participative communities both inside and out."

Expected to arrive next year in February, LibreOffice 6.2 will be the second semi-major update to the LibreOffice 6 office suite series, bringing a bunch of enhancements and new features to make your daily office tasks easier and more enjoyable. One of these new features is an optional UI design called the Notebookbar.
The Notebookbar UI is included in the beta version of LibreOffice 6.2 if you want to take it for a test drive (details below), along with the KDE Plasma 5 integration and numerous other improvements we talked about in a previous article. Of course, LibreOffice 6.2 will also include lots of stability and reliability updates.